package com.zenithmind.chat.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

/**
 * 次要Spring Security配置类
 * 仅处理非API路径，避免与AiChatSecurityConfig冲突
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // 仅处理UI资源路径
    private static final String[] UI_PATHS = {
        "/css/**", 
        "/js/**", 
        "/images/**", 
        "/fonts/**",
        "/error/**"
    };

    @Bean
    @Order(2) // 确保在AiChatSecurityConfig之后处理
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher(UI_PATHS) // 限制此配置仅应用于UI路径
            .csrf(AbstractHttpConfigurer::disable)  // 禁用CSRF保护
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().permitAll())  // 允许所有请求通过
            .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.disable()));  // 允许iframe嵌入
        
        return http.build();
    }
} 